一、定义
WLAN漫游是指STA在不同AP覆盖范围之间移动且保持用户业务不中断的行为。
pc在同一个AC内漫游:
WLAN漫游策略是指STA可以在同属一个ESS的AP接入,并且在移动的过程中保证已有的业务不中断。
下面开始配置:
按照下图做好拓扑
| 配置项 | 用途 | 数据 |
|---|---|---|
| AP地址池 | AP分发的IP地址池 | VLAN100:ip add 10.1.100.1 24 |
| STA地址池 | STA分发的IP地址池 | VLAN101:ip add 10.1.101.1 24VLAN102:ip add 10.1.102.1 24 |
| AP组 | 实现多AP统一管理配置 | ap-group1 引用模板:VAP模板wlan-vap、域管理模板security-1 |
| 域管理模板 | 提供对AP的国家码,调优信道集合和调优带宽 | domain1 国家码:cn |
| SSID | 配置无线网络名称SSID名称 | huawei-1 SSID名称:huawei-1 |
| 安全模板 | 配置WLAN安全策略,对终端进行身份认证 | security-1 安全策略:PWA-WPA2 PSK AES SSID密码:无 |
| VAP模板 | 为STA提供无线接入服务 | huawei-1,huawei-2 |
| 射频模板 | 用于优化射频参数,提供信道切换业务不中断功能 | ap-group1 |
先配置接入交换机(lsw1)
vlan batch 100 to 102
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 102
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 102
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 102
在配置汇聚层交换机
vlan batch 100 to 102
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 102
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 102
[AC]interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102
dhcp enable #激活dhcp
vlan batch 100 to 102
[AC]int vlan 100
[AC-Vlanif100]ip add 10.1.100.1 24
[AC-Vlanif100]dhcp select interface 下发dhcp
[AC-Vlanif100]int vlan 101
[AC-Vlanif101]ip add 10.1.101.1 24
[AC-Vlanif101]dhcp select interface
[AC-Vlanif101]int vlan 102
[AC-Vlanif102]ip add 10.1.102.1 24
[AC-Vlanif102]dhcp select interface
[AC]capwap source interface vlanif100 #建立隧道,管理vlan是100
ap工作组
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
Info: This operation may take a few seconds. Please wait for a moment.done.
[ac6605-wlan-ap-group-ap-group1]q
建立域模板
[AC-wlan-view]regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1]country-code CN
Info: The current country code is same with the input country code.
[AC-wlan-regulate-domain-domain1]q
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile name domain1
ssid模板
[AC-wlan-view]ssid-profile name huawei-1
[AC-wlan-ssid-prof-huawei-1]ssid huawei-1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-huawei-1]q
[AC-wlan-view]ssid-profile name huawei-2
[AC-wlan-ssid-prof-huawei-2]ssid huawei-2
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-huawei-2]q
[AC-wlan-view]
安全模板
[AC-wlan-view]security-profile name security-1
[AC-wlan-sec-prof-security-1]security open #不设置ssid密码(wifi密码)
[AC-wlan-sec-prof-security-1]q
[AC-wlan-view]vap-profile name huawei-1
[AC-wlan-vap-prof-huawei-1]ssid-profile huawei-1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-huawei-1]security-profile security-1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-huawei-1]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-huawei-1]forward-mode direct-forward #转发模式,逐级转发
[AC-wlan-vap-prof-huawei-1]q
[AC-wlan-view]vap-profile name huawei-2
[AC-wlan-vap-prof-huawei-2]service-vlan vlan-id 102
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-huawei-2]ssid-profile huawei-2
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-huawei-2]security-profile security-1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-huawei-2]q
ap认证
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-mac 00E0-FCB0-52C0 ap-id 0
[AC-wlan-ap-0]ap-name ap1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment… done.
[AC-wlan-ap-0]q
[AC-wlan-view]ap-mac 00e0-fc32-2190 ap-id 1
[AC-wlan-ap-1]ap-name ap2
[AC-wlan-ap-1]ap-group ap-group1
[AC-wlan-ap-1]
工作组
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile huawei-1 wlan 1 ra
[AC-wlan-ap-group-ap-group1]vap-profile huawei-1 wlan 1 radio 0
Info: This operation may take a few seconds, please wait…done.
[AC-wlan-ap-group-ap-group1]vap-profile huawei-2 wlan 2 radio 0
Info: This operation may take a few seconds, please wait…done.
[AC-wlan-ap-group-ap-group1]
到这里等待一会儿,两个信号范围就会出现,
下面
更改ap1的信道为6
更改ap2的信道为11
[AC]wlan
[AC-wlan-view]ap-id 0
[AC-wlan-ap-0]radio 0
[AC-wlan-radio-0/0]ch
[AC-wlan-radio-0/0]channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0]q
[AC-wlan-view]ap-id 1
[AC-wlan-ap-1]radio 0
[AC-wlan-radio-1/0]channel 20mhz 11
Warning: This action may cause service interruption. Continue?[Y/N]y
在拓扑上新加一个ap
开启AP
在lsw1上把接口加入vlan
lsw1
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk pvid vlan 100
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 to102
[AC]wlan
[AC-wlan-view]ap-mac 00E0-FCDE-4140 ap-id 2
[AC-wlan-ap-2]ap-name ap3
[AC-wlan-ap-2]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment… done.
[AC-wlan-ap-2]
等一会儿AP3就会有信号
然后我们就可以通过移动sta2的位置
先看一下IP地址
然后用ping命令带上-t持续进行
ping 10.1.102.1 -t
可以看到设备移动处于中间位置是,延迟达到最大。因为处于边缘。
到此结束。
做个总结
STA2可以在AP2和AP3中做无线漫游。修改信道,是防止在相同信道下有干扰,影响网络质量。
当把sta2放到ap1的网络里是连不上的,因为本文章我在ping10.1.102.1,在lsw1,没有让连接ap1的端口通过vlan102.所以
如果吧lsw1的G0/0/1口将vlan102也通过,即可连同ap1的网络也可以无限漫游。
附:wlan漫游拓扑及配置文件。 https://download.csdn.net/download/qq_33770580/85237384
